Jay Heiser is a research vice president specializing in the areas of IT risk management and compliance, security policy and organization, forensics, and investigation. Current research areas include cloud and SaaS computing risk and control, technologies and processes for the secure sharing of data…

I put my money where my mouth was, and took my wife on a date last week. I’m sure that we were not the only people who saw The Interview out of a sense of duty. We expected it to be a tedious and silly movie, but we also felt that paying to watch it, in a regular movie theater, […]

C: we are concerned about putting our email into the cloud. J: why? C: Somebody might look at it. J: Somebody can already look at it, even when you do host your email server in house. SMTP is a data leakage protocol, that isn’t designed to secure your data, but is intended to disseminate it […]

Code Spaces, a vendor that claimed to provide secure Source Code hosting and project management support, has just been forced to admit to their customers that they’ve been sabotaged by a cyber extortionist, and they probably cannot fully recover. They put all their hopes, and all their customers’ data, into a single cloud, and it burst. […]

Change all your passwords. Now. And then do it again in a week. Of course, there’s no evidence that any passwords have been exploited, but isn’t the lack of substantive evidence a suspicious fact in and of itself? It can be if you want it to be. My favorite presentation at the RSA Conference was […]

It’s too bad that Dick Cheney’s awkward little epistemological speech has been so thoroughly politicized, turning an important risk management principle into an opportunity for derision. Intelligence analysts, and IT analysts, need to be acutely aware of the limits of their knowledge, especially when making decisions about how to take advantage of public cloud services. […]

Although the actual events took place at widely varying times, the summer of 2013 has witnessed the public release of 3 major ‘inappropriate use of the cloud’ incidents. On July 28, Oregon Health & Science University (OHSU) felt compelled to notify 3,044 patients that while there was no reason to believe that their data had […]

You’ve got 2 weeks to get several Petabytes of data from a dissipating cloud. Will you get it all back safely? Hundreds of Nirvanix customers are asking themselves that question right now. Although their web site remains blissfully mum about this unfortunate development, The Wall Street Journal is only one of several media organizations reporting […]